Check out the OIPC’s new resource Steps to Processing an Access to Information Request

Updated statement on proposed changes to Ontario’s Freedom of Information and Protection of Privacy Act

OPC examines websites and apps used by children as part of global privacy sweep

Statement on proposed changes to Ontario’s FIPPA stemming from the production order issued by Ontario’s Information and Privacy Commissioner which was upheld by the Divisional Court.

New podcast episode out now Un-redacted, The Sask IPC Podcast | IPC

New Report Posted: Read Snooping in a Police Database for more information

Check out this new resource that explains the interaction between LA FOIP and The Municipalities Act in the province of Saskatchewan and as it pertains to personal information.

When AI Turns DarkWarning: this blog contains details about suicide. If you are struggling with your mental health, call 988 for 24/7 voice or text support or visit 988.ca

LA FOIP, Municipalities and Cities

LA FOIP, Municipalities and Cities

Access to information under LA FOIP

One of the purposes of The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP) is to ensure that local authorities are transparent and accountable to the public. One way of facilitating transparency and accountability is to provide individuals with the right to access records in the possession or under the control of a local authority. Section 5 of LA FOIP provides individuals with the right to access to records in the possession or under the control of a local authority:

5 Subject to this Act and the regulations, every person has a right to and, on an application made in accordance with this Part, shall be permitted access to records that are in the possession or under the control of a local authority.

Individuals may use this form to submit an access to information request to a local authority: http://www.qp.gov.sk.ca/documents/Forms/L27-1R1-B.pdf.

When a local authority receives a written request, it should process the request formally under LA FOIP. This includes assisting the Applicant to identify the record he/she is seeking, issuing a fee estimate if it is appropriate to do so, conducting a reasonable search for records, consulting with third parties, and issuing a formal response in accordance with section 7 of LA FOIP. For more information, please consult my office’s Best Practices for Responding to Access Requests.

Are there records that citizens may access without submitting a formal request under LA FOIP?

A person is entitled under section 117 of The Municipalities Act (MA) to inspect and obtain copies of certain types of records, including contracts approved by council, financial statements prepared in accordance with section 185 of MA, and council’s approved meeting minutes. What this means is that individuals should not have to submit a formal request under LA FOIP to obtain the records they are entitled to under the MA.

Similarly, a person is entitled under section 91 of The Cities Act (CA) and section 133 of The Northern Municipalities Act, 2010 (NMA) to inspect and obtain copies of similar types of records described above. What this means is that individuals should not have to submit a formal request under LA FOIP to obtain the records they are entitled to under the CA.

Do councillors have a right to records?

As a part of their duties, councillors are to represent the interests of the citizens living within their constituency at council meetings and council committee meetings. Councillors must also be informed in order to effectively participate in such meetings. In order to stay informed, councillors should have access to records related to the municipality/city business without requiring them to make a formal access to information request under LA FOIP to gain access.

Municipalities and cities should have policies and procedures in place that enables councillors to have access to records related to municipality/city business. Councillors should also agree to keep matters confidential until the matter is discussed publicly at a council meeting or council committee meeting.

Section 92 of the MA outlines the duties of councillors as follows:

92 Councillors have the following duties:

(a) to represent the public and to consider the well-being and interests of the municipality;

(b) to  participate  in  developing  and  evaluating  the  policies,  services  and  programs of the municipality;

(c) to  participate  in  council  meetings  and  council  committee  meetings  and  meetings of other bodies to which they are appointed by the council;

(d) to  ensure  that  administrative  practices  and  procedures  are  in  place  to  implement the decisions of council;

(e) subject to the bylaws made pursuant to section 81.1, to keep in confidence matters discussed in private or to be discussed in private at a council or council committee meeting until discussed at a meeting held in public;

(f) to maintain the financial integrity of the municipality;

(g) to perform any other duty or function imposed on councillors by this or any other Act or by the council.

Section 65 of the CA and section 106 of the NMA is very similar to the above.

When should council meetings or council committee meetings be held in-camera?

The MA, CA, and NMA requires councils and council committees to meet in public. Parts or all of a meeting can be closed to the public if the matter being discussed is within one of the exemptions in Part III of LA FOIP. Part III of LA FOIP provides for limited and specific circumstances in which information should not be disclosed.  Generally speaking, councils and council committees should make efforts to conduct most of their meetings in public unless one of the limited and specific circumstances in Part III of LA FOIP exists.

An example of when councils or council committees should hold part of a meeting closed to the public is if a matter to be discussed includes personal information of a citizen. This is because Part III of LA FOIP includes the following exemption:

15 (1) A head may refuse to give access to a record that:

(b) discloses agendas or the substance of deliberations of meetings of a local authority if:

(ii) the  matters  discussed  at  the  meetings  are  of  such  a  nature  that  access to the records could be refused pursuant to this Part or Part IV.

Part IV of LA FOIP provides that local authorities must not disclose personal information unless it has consent of an individual or the disclosure is in accordance with section 28 or 29 of LA FOIP:

28 (1) No  local  authority  shall  disclose  personal  information  in  its  possession  or  under  its  control  without  the  consent,  given  in  the  prescribed  manner,  of  the  individual to whom the information relates except in accordance with this section or section 29.

To understand when a meeting should be closed to the public, municipalities and cities should have a sound understanding of LA FOIP. For support, municipalities should contact the Ministry of Government Relations. They should also contact the Ministry of Justice (Access and Privacy Branch) at 306-798-0222 or accessprivacyjustice@gov.sk.ca, who makes training available to cities and municipalities.

Open Government, proactive disclosure, and routine disclosure

Municipalities and cities across Canada are leading the way in open government initiatives, including the City of Regina and the City of Saskatoon. These initiatives allow for citizens to gain access to information without submitting a formal access to information request. Check out the City of Regina’s website here and the City of Saskatoon’s website here.

I also note that many other cities and municipalities in Saskatchewan are proactively preparing and publishing information on their websites such as council agendas and meeting minutes. Such proactive disclosure of information facilitates transparency and accountability and enhances active participation of citizens in civic life.

Check out my office’s blog entry on what a municipality or city should consider when publishing agendas and meeting minutes on its website: https://oipc.sk.ca/council-agendas-and-meeting-minutes/.

Other helpful resources

A resource about LA FOIP for councillors: https://oipc.sk.ca/assets/what-councillors-should-know-about-lafoip.pdf

Mayors, reeves, and councilors may have a steep learning curve when they are elected, including how to handle personal information and personal health information. Here’s a resource on best practices on how to handle records that contain personal information and personal health information: https://oipc.sk.ca/assets/best-practices-for-mayors-reeves-councillors-and-school-boards.pdf

LA FOIP 101: The Basics for Cities, Towns, Municipalities Webinar: https://oipc.sk.ca/resources/webinars/la-foip-101-the-basics-for-cities-towns-municipalities-etc/

Resources by the Ministry of Justice, Access and Privacy Branch: http://www.publications.gov.sk.ca/deplist.cfm?d=9&c=3570

Was this page helpful?

Severing

When responding to access to information requests under The Freedom of Information and Protection of Privacy Act (FOIP), The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP) and The Health Information Protection Act (HIPA), there may be circumstances where information is exempt from release under mandatory or discretionary exemptions.  However, each of these statutes requires public bodies to release as much information as possible when responding to requests and this is done through severing.

Section 8 of both FOIP (applies to government institutions) and LA FOIP (applies to local authorities) provide:

8 Where a record contains information to which an applicant is refused access, the head shall give access to as much on the record as can be reasonably be severed without disclosing the information to which the applicant is refused access.

Subsection 38(2) of HIPA, which applies to trustees, has similar language.

Severing is the exercise by which portions of a document are blacked out before the document is provided to an Applicant. It is also considered severing where a responsive record is withheld in full.  In order to be compliant with section 8 of FOIP/LA FOIP and subsection 38(2) of HIPA, public bodies and trustees need to conduct a line-by-line review of each page and apply severing where appropriate.  In addition, each severed item should have a notation indicating which exemption(s) applies in each instance.  It must be clear to the Applicant as to what exemption(s) is being relied upon for each item that is severed. The IPC discourages the use of white space redacting. White space redacting is where software removes the content of a record in such a way that it renders the redacted content indistinguishable from the blank background of the document. This type of redacting creates uncertainty as to what, if anything, has been redacted.

It is important that public bodies and trustees not apply a blanket exemption(s) to an entire page or record just because the majority of the information contained on that page is exempt from release. A great example is an email chain.  A communication may almost fully be exempt from release.  However, if a public body or trustee is contemplating also severing the header information (to, from, cc, date, and subject), opening and closing sentences, confidentiality notice, signature lines, etc. of an email, it needs to demonstrate how the exemption applies to that information also.

We encourage you to refer to the IPC Guide to FOIP or the IPC Guide to LA FOIP at the time you are processing an access to information request as these resources outline the tests you need to consider when determining if an exemption should be applied.

On a final note, if you are still severing using hard copies of documents and find this to be onerous, you may want to look into options that are available for electronic severing. Who knows, you may already have this capability with the software that is installed on your system.

To learn more about severing electronically, check out our webinar Modern Age Severing Made A Lot Easier.

Was this page helpful?

Council Agendas and Meeting Minutes

To be accountable to the public, meetings of council and council committees are public by virtue of section 119 and 120 of The Municipalities Act. Further, subsection 117(1)(d) of The Municipalities Act entitles any person to inspect and obtain copies of council meeting minutes after they have approved by council.

To support this accountability, municipalities can post the agendas of council and council committee meetings to their website. The benefits of municipalities making information available online are plain to see. First, it increases municipalities’ accountability to the citizenry. Second, it increases citizens’ active participation in civic life.

While making information available online, such as council agendas and meeting minutes, has its benefits, municipalities should take care to minimize or avoid the publication of personal information of citizens on their websites.

What are the risks of publishing personal information on a website?

Chilling Effect

Public participation in civic matters is important to a democratic society. If individuals know their personal information, including their name and concerns, will be published on a website, then they may be deterred from raising matters to council.

Misuse

Search engines index websites and make information published on websites easily searchable.

Furthermore, technology is enabling organizations to gather and analyze personal information from various sites to create profiles on individuals. Such profiling can have undesirable results such as identity fraud or theft, embarrassment, and physical or emotional harm.

Dissemination

Publishing information on the World Wide Web has a much broader audience than information published in other formats such as hard copy newsletters, magazines, and books. Further, information published online can easily be copied and disseminated. Information, especially if it is inaccurate or unflattering, can haunt or damage an individual’s reputation.

Can municipalities withhold personal information that is in meeting documents?

The short answer is yes.

The long answer is that while subsection 120(1) of The Municipalities Act requires that council and council committees conduct their meetings in public, subsection 120(2) of The Municipalities Act provides that meetings may be closed to the public if the matters being discussed are within the exemptions in PART III of The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP).

Part III of LA FOIP includes subsection 15(1). Subsection 15(1) of LA FOIP provides that a head may refuse to give access to a record that discloses agendas or the substance of deliberations of meetings where matters discussed at the meetings could be refused pursuant to Part III or Part IV of LA FOIP.

Part IV of LA FOIP includes subsection 28(1). Subsection 28(1) of LA FOIP provides that a local authority is not to disclose personal information in its possession or control without the individual’s consent except if the disclosure is authorized by LA FOIP.

Since Part IV of LA FOIP enables a local authority to refuse access to personal information, then council and council committees may close its meetings to the public if the matters being discussed include personal information.

What does this mean for municipalities posting agendas and meeting minutes to its website? Information in documents that falls within the exemption subsection 15(1) of LA FOIP and subsection 28(1) of LA FOIP, then, can be withheld (or redacted) prior to the document being posted online.

What privacy considerations should a municipality undertake when publishing council agendas and meeting minutes?

Notification

Before, or at the time of, collection of personal information, LA FOIP requires that municipalities inform individuals of the purpose for which personal information is collected. Therefore, municipalities should notify citizens about how personal information submitted to it could become a part of public council or committee agendas or meetings minutes, and could also be published to the RM’s website. The notice should include the contact information of someone who works for the municipality to answer questions or respond to concerns about the collection of personal information.

Municipalities should consider putting a notice on its website, in brochures, on posters, and on any other medium where citizens can easily see the notice.

Redaction

If documents such as agendas contain personal information, consider providing council members with a redacted version of the document for the council meeting.

Further, if council meeting minutes contain personal information, then municipalities should consider redacting the personal information prior to publishing the minutes on their website.

Data Minimization

When recording the minutes of a council meeting, the municipality should record the least amount of personal information. Better yet, it can attempt to de-identify the information by using terms such as “a Rate payer,” “a Tax payer”, or an initial to represent the person who is involved in a matter being discussed by council, or a council committee.

Review of Practices

Municipalities change and so does technology. Reviewing and revising practices to account for such change can be a good way to stay ahead of the curve. Asking citizens for feedback on the municipalities’ privacy practices may also help municipalities adjust their privacy policies accordingly!

 

Was this page helpful?

Lawyers Bills: Are They a “No Brainer”?

We have now had a few reports that have dealt with the application of solicitor-client privilege exemptions (sections 22 of FOIP and 21 of LA FOIP) to lawyers bills.  In these cases, the Commissioner relied on a Supreme Court of Canada decision Maranda v. Richer, [2003] 3 S.C.R. 193, 2003 SCC67 to find that lawyers bills are subject to solicitor-client privilege.  The Supreme Court asserted that there is a presumption of privilege for lawyers’ bills of account as a whole in order to ensure that solicitor-client privilege is honoured. (See IPC Review Reports 052-2013 and 280-2016 & 281-2016)

When I refer to “lawyers bills”, I mean an invoice or statement of account that is communicated from a lawyer or law firm to a public body after providing legal services.  Some lawyers bills can be quite detailed and list the dates of individual phone calls, tasks performed and the subject matter. 

It is possible for an Applicant to rebut that solicitor-client privilege applies.  To do so, it must provide persuasive arguments that the disclosure of information will not result in the Applicant learning of information that is subject to solicitor-client privilege. Order F15-16 from the Information and Privacy Commissioner of British Columbia lays out a test for determining whether the presumption of privilege has been rebutted.  Applicants, though, are at a disadvantage when having to make arguments for why privilege does not exist to information when they cannot see or examine the information.

So it does seem like a no brainer that solicitor-client exemptions would apply to this type of information, right?

Well… I think every issue in the FOIP World is unique!

A public body still has to be accountable for the public money it spends on legal services.  In Review Report 003-2017, the Commissioner found that the details of payment for legal services in a public body’s accounts payable invoice history report was not subject to solicitor-client privilege.  In other words, some of the information from the lawyer’s bill was entered into the public body’s accounting system, which was the subject of the review.  The Commissioner reasoned that some of the data items in this record, such as purchase order number, voucher number and bank information, was information that the public body assigned to the lawyer’s bill once it was received  – the exemption did not apply to these items.  Further, the name of the law firm did not qualify as it was confirmed through public documents that a particular firm had been engaged by the public body.  The firm’s invoice number and the due date did not reveal the nature of the advice that was sought.  Finally, he also did not find that there was a reasonable possibility that disclosure of the amount of the fees paid would reveal any communication protected by privilege.

Once again, I am reminded that our office must review every record, and the circumstances surrounding it, on a case by case basis.

 

Was this page helpful?

Access and Privacy Rights of Minors Online

On May 3, 2016, our office posted to our website a blog titled, Who Signs for a Child?. Though the focus of that blog was on who can sign for a child under the age of 18 years, the following advice on mature minors was offered:

FOIP and LA FOIP do not contemplate the child asking for his or her personal information. But when children get to the age of what may be considered a mature minor, heads should use their discretion to provide the personal information if the child “understands the nature of the right or power and the consequences of exercising the right or power.” Heads should also look to their governing legislation to see if the Legislative Assembly has provided direction on the rights of the child.

HIPA does contemplate an individual under 18 years of age exercising a right under the Act such as requesting his or her personal information. When such a request is made, it is up to the trustee to determine whether the individual understands the nature of the right or power and the consequences of exercising the right or power.

What further complicates matters is when services being offered to children and adolescents move to the online world. How are access and privacy rights impacted?

Although there does not appear to be any global rules on children’s consent under the new General Data Protection Regulation (GDPR), Article 8 speaks to children’s consent for ‘information society services’ (services requested and delivered over the internet).  It appears that for most services provided to children, parental consent for those under 16 is needed unless otherwise set by Member States.  If offered online, age-verification measures and reasonable efforts to verify parental responsibility for those under the relevant age is a must.

In an interesting decision, PIPEDA Report of Finding #2014-011, dealing with an investigation involving a website aimed at children between the ages of 6 and 13 years of age, the Privacy Commissioner of Canada’s office commented as follows:

112.  The consent provisions of PIPEDA do not expressly speak to age-based consent. Principle 4.3 states that the knowledge and consent of an individual are required for the collection, use and disclosure of personal information. Principle 4.3.2 requires organizations to ensure that individuals are advised of the purposes for which the information will be used and that consent obtained from individuals is meaningful. Meaningful consent means that the individual concerned can reasonably understand how the information will be used or disclosed prior to providing consent.

113.  Meaningful consent becomes a more difficult notion where personal information is being sought from children. Can a child reasonably understand what they are being asked to consent to?

114.  Principle 4.3.6 of Schedule 1 states that consent can be given by an authorized representative (such as a legal guardian or a person having a power of attorney). However, it does not specify under what circumstances this can or should occur.

115.  In PIPEDA Report of Findings #2012-001, we recognized that there was value in users of a Canadian social networking website aimed at teenagers and young adults involving their parents in their online transactions. However, we concluded that PIPEDA did not require parents to provide consent on behalf of their teenager in the context of that website. We concluded in that case that in order to ensure meaningful consent was obtained, the information handling practices of the organization had to be explained in such a way that its teenage users could understand how their personal information would be handled by the website.

116.  Ganz’s Website is aimed at children under 13, a younger demographic group than the one at issue in PIPEDA Report of Findings: #2012-001. Children under the age of 13 have arguably a less sophisticated understanding of online marketing and social media interactions.

122.  We considered it questionable as to whether a child under the age of thirteen opening an account would be able to find this provision in the User Agreement, understand the text, and act accordingly.

Canada Health Infoway has done some work in this area specifically examining adolescent access to PHI in a number of publications including Consumer Health Solutions – Pandora’s Box Adolescent Access to Digital Health Records – Research Summary dated August 2016. In its Executive Summary it states, “Outside of Quebec, statutes do not set an age requirement for a person to access their own PHI, to consent to the collection, use and disclosure of their PHI or to consent to treatment. However, there are other requirements to exercise the rights, such as knowledge, capacity or maturity.” Later it is stated, “the general rule is that a contract cannot be enforced against a minor (although there are exceptions).”

How do you cover your bases? The Privacy Commissioner of Canada offers good advice when dealing with kids online in Collecting from kids? Ten tips for services aimed at children and youth, as follows:

Make clear who is agreeing to terms and conditions. The ubiquitous “I have read and agree to the Terms and Conditions and Privacy Policy” checkbox on registration forms poses an additional difficulty when your users are youth. Is your organization asking the user to agree to these terms, or his or her parent/guardian? Remember, with younger children, the former is not possible given the need for meaningful consent. Moreover, if it is the latter, you must also ask yourself how you are ensuring that the parent/guardian has actually been involved in the process. The answer to these questions needs to be clear to, and consistent between, both you and your users.

Now that we are moving to online access to PHI through patient portals, what, if any, limits should be set as to age of those that can log-in and get direct access to his or her own PHI? Are any associated terms and conditions accepted akin to entering a contract? Our office has not yet had to offer any formal views on the particular issue. We will have to wait and see.

Was this page helpful?

Transitory Records and Access-to-Information Requests

What are transitory records?

The Provincial Archives of Saskatchewan defines transitory records as:

Records of temporary usefulness that are needed only for a limited period of time, to complete a routine task or to prepare an ongoing document. Also, exact copies of official records made for convenience of reference. These records are not required to meet statutory obligations or to sustain administrative or operational functions. Once they have served their purpose and, in the case of convenience copies the official record has been identified, these records should be destroyed in accordance with internal disposal procedures.

What are some examples of transitory records?

As mentioned above, records of short-term value are transitory records. Similar to official records, transitory records can come in any format, including post-it notes, handwritten notes, and electronic records including emails and text messages.

Are transitory records subject to FOIP or LA FOIP requests?

Yes. Although transitory records are routinely disposed, if the public body receives an access-to-information request under FOIP or LA FOIP, then any responsive transitory records in the possession or control of the public body must not be disposed.

The receipt of a FOIP request should freeze all disposition action relating to records responsive to the request.

Public bodies should have processes in place to communicate to employees to not dispose of records that are responsive to a FOIP or LA FOIP request.  It is an offense to willfully destroy records to evade an access-to-information request.  The penalty can be a fine and/or imprisonment.

How long must the public body wait before disposing of the transitory records?

The public body should wait at least one year before disposing of transitory records that are responsive to an access-to-information request. This is because the public body must include the transitory records as it processes the access-to-information request. Then, once the public body responds to the Applicant, the Applicant has one year from the time the response is given to appeal to the Commissioner (subsection 7(3) of FOIP and LA FOIP). Once this time period has expired, then the public body can dispose of the transitory records.

It should be noted that public bodies may continue to destroy transitory records that are not responsive to an access-to-information request according to their records management policy.

 

Was this page helpful?

Unauthorized Access

This blog is focused on the unauthorized access to electronic health records for purposes such as curiosity, concern, personal gain, spite, or boredom, and the harm that results from such unauthorized access.

I note that the majority of trustee employees or individuals in service of a trustee (including physicians) access electronic health records for purposes that are authorized by The Health Information Protection Act (HIPA). This blog is not meant to deter these employees or individuals from accessing electronic health records they require to do their jobs.

UNAUTHORIZED ACCESS

The following are some examples of unauthorized access:

1. Looking up a family member’s personal health information out of concern.

There should be very limited circumstances in which employees or individuals look up their own or a family member’s personal health information. For physicians and surgeons, the College of Physicians and Surgeons’ Code of Ethics provides that the treatment of themselves or immediately family members be limited:

Limit treatment of yourself or members of your immediate family to minor or emergency services and only when another physician is not readily available; there should be no fee for such treatment. (https://www.cps.sk.ca/imis/Documents/Legislation/Legislation/RegulatoryBylaws.pdf)

Therefore, physicians and surgeons should not be looking up a family member’s personal health information unless it’s in the limited circumstances as described in the Code of Ethics.

2. Looking up your own or a co-worker’s personal health information out of concern, curiosity, or spite.

Investigation Report H-2013-001 reported on snooping cases that resulted in employees accessing and modifying not only their own personal health information but that of their coworker’s personal health information. It doesn’t take a lot of imagination to understand the consequences of such actions, including future health care decisions for these individuals could have been based on false information. (https://oipc.sk.ca/assets/hipa-investigation-h-2013-001.pdf)

3. Looking up patient records to alleviate boredom.

Electronic health records are support health care providers in providing care to patients. It is not meant to alleviate boredom as discussed in Investigation Report 100-2015. (https://oipc.sk.ca/assets/hipa-investigation-100-2015.pdf)

4. Looking up patient records without a need-to-know.

Investigation Report 142-2015 reported a case where an employee accessed the personal health information of 901 individuals. This employee was fired and the Commissioner recommended that the case be forwarded to the Ministry of Justice, Public Prosecution Division, so that it can determine if charges should be laid under HIPA. (https://oipc.sk.ca/assets/hipa-investigation-142-2015.pdf)

HARM OF UNAUTHORIZED ACCESS

Patients lose trust and confidence in the health system. They may be cautious in seeking treatment if they learn that a family member, friend, co-worker, colleague may have unauthorized access to their personal health information.

Trustees also suffer reputational damage when employees or individuals who are in service to the trustee (such as physicians) access electronic health records without a need-to-know.

FINES AND IMPRISONMENT

Recent amendments to HIPA provide individual offences for unauthorized access to personal health information. Therefore, employees or individuals in service of a trustee (such as a physician) may be fined up to $50,000 and/or face imprisonment of up to one year if they are found to have accessed personal health information for purposes that are not authorized by HIPA.

WHAT TO DO?

Trustees and trustee organizations should establish policies, procedures, and training so employees and individuals clearly know how to manage personal health information in accordance with HIPA. Audits should also be conducted regularly to ensure policies and procedures are being followed.

Employees and individuals in service of trustees should only access personal health information, including electronic health records they require to complete job duties. If they have any questions, they should contact their supervisor, manager, and/or the privacy officer of the trustee organization.

Was this page helpful?

Updated: Tips for a Good Submission

So much of what we do here at the OIPC involves reviewing submissions (or representations) from parties.  In my time here, I have seen some very persuasive ones. I thought some tips on what, in my view, made a persuasive submission would be helpful.

A submission contains a party’s arguments in support of their position.  For public bodies or third parties, depending on the nature of the case, this often means arguments for why particular exemptions apply.  For applicants, it means arguments for why information should be released and why particular exemptions do not apply.  Here are some tips and things to avoid.

Tips 

When drafting your submission, our office encourages parties to rely on its resource called the IPC Guide to FOIP for government institutions or the IPC Guide to LA FOIP for local authorities.  These Guides have six chapters each and cover all the provisions in The Freedom of Information and Protection of Privacy Act (FOIP) and The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP).  Of particular interest would in a review matter is Chapter 4: Exemptions from the Right of Access which sets out the tests and definitions for all the exemptions under Parts III of FOIP and LA FOIP. These tests reflect the precedents set by the current and former Information and Privacy Commissioners in Saskatchewan, Commissioners in other jurisdictions and court decisions from across Canada.  We use these tests in our reviews. As such, our office is looking for how an exemption applies using the test in the applicable Guide so covering this in your submission improves its likely of successfully convincing the Commissioner the exemption applies.

A persuasive submission should have just enough information to support your position but not more than what is needed.  It should have the following four things for each exemption relied on:

  1. List the exemption that has been applied.
  2. List the page numbers that it applies to (group pages if the records are similar).
  3. Reproduce the test from the Guide for that exemption.
  4. Lay-out your arguments for each part of the test (make sure to tie it to the information in the record).

Things to Avoid

  • Avoid just stating “yes” to the test questions in the Guide. Explanation is needed.
  • If citing court cases and/or orders from other jurisdictions, simply provide the URL. No hard copies are required.
  • Avoid just restating the exemption or the test question as an argument. For example, stating “This information qualifies for exemption under subsection 17(1)(a) of FOIP because it is a recommendation developed by or for a government institution.”
  • Avoid arguments that go beyond what is contemplated by the exemption (e.g., public interest override arguments when it’s not part of the exemption).

Things to consider:

  • If providing supporting documentation (e.g., court cases or evidence) explain in the submission how it supports your position (i.e., tie it into your arguments). If a supporting document isn’t tied to anything, it won’t be persuasive.
  • Ensure that your submission matches your Index of Records and the record itself (i.e., page numbers and exemptions relied on). If not, it can appear that the preparation of materials was rushed which could give the impression that so were the application of exemptions.
  • Make sure you explain sufficiently how the information meets the test threshold (e.g., explain the ‘harm’ that you foresee in detail for harms based exemptions).

For more assistance on preparing your submission, Index of Records and/or the record itself, you can refer to our resources:

What to Expect During a Review with the IPC:  A Resource for Public Bodies and Trustees
A Guide to Submissions
The Guide to FOIP
The Guide to LA FOIP
But I’m the Applicant – how can my submission help?
Preparing and writing a submission

Was this page helpful?

When Salary is Open to Public Scrutiny

The starting point of determining whether or not your salary is releasable starts with what access and privacy law applies to you in your circumstance. If you work for a government institution or local authority, then your salary is not considered your personal information.

Why does it matter if it is or is not considered personal information? Well, if it is not considered personal information, then the privacy protections afforded by privacy laws will not protect it from release to whoever is asking for it. If it did constitute your personal information, generally the only individual with a right to access that information would be you. That however is not the case with salary information of those working in the public sector. This is even though the following is generally considered to be your personal information: “information that describes an individual’s finances, assets, liabilities, net worth, bank balance, financial history or activities of credit worthiness.”

Some have asked our office why salary ranges cannot be released instead. In Saskatchewan, The Freedom of Information and Protection of Privacy Act (FOIP) and The Local Authority Freedom of Information and Protection of Privacy Act (LA FOIP) both state that “salary” is not considered personal information. In some jurisdictions, the legislation provides that “salary range” instead may be disclosed.

What about the public release of salaries over a certain dollar figure like $50,000 or $100,000? Neither FOIP nor LA FOIP discriminates when it comes to how much you make. Whether that amount is $20,000 or $200,000, it is releasable.

The IPC has a couple of past reports on our website that speak specifically to this issue. Investigation Report LA-2012-001 involves the City of Moose Jaw and its decision to publish in its public accounts information, salaries paid to employees and officers of the City but also that of police officers. The other report where salary was discussed was Investigation Report LA-2012- 002 involving the Regina Qu’Appelle Regional Health Authority. Discussed in this report is publishing salary information on the Internet. Although there was authority to release salary information publicly including on the Internet, technical safeguards should be utilized to prevent wide scale data mining. A specific recommendation in this case was to utilize web robot exclusion protocols to reduce the opportunity for web crawlers to crawl and compile information from web servers.

In conclusion, making available salary information of those working in the public sector is done to achieve the objective of making public expenditures more transparent for accountability purposes. If you have further questions on this topic, contact our office.

Was this page helpful?

Google Translate Disclaimer

Translations on the IPC Website are performed by Google Translate. Please note that not all text may be translated accurately or be translated at all. The IPC is not responsible for incorrect or inaccurate translations. The IPC will not be held responsible for any damage or issues that may result from using Google Translate.

For more information, read our full disclaimer.